Mobile Security Framework or MobSF is an automated, all-in-one mobile application (Android/iOS/Windows) pen-testing framework capable of performing static, dynamic and malware analysis. It can be used for effective and fast security analysis of Android, iOS and Windows mobile applications and support both binaries (APK, IPA & APPX ) and zipped source code. It can do dynamic application testing at runtime for Android apps and has Web API fuzzing capabilities powered by CapFuzz.

Static Analyzer Docker Image

Automated prebuilt docker image of MobSF Static Analyzer is available from DockerHub

Dynamic Anlayzer is available only for Android binaries (APK) and works only if your computer has at least 4GB of RAM and Full Virtualization support.

NOTE: If you are configuring MobSF VM in VirtualBox for Dynamic Analysis, you must have configured MobSF in the host OS and not inside any VM.

To Configure Dynamic Analyzer we need 4 things.

VM UUID

Snapshot UUID

Host/Proxy IP

VM/Device IP

Steps to Follow

Open VirtualBox, Go to File -> Import Appliance and select the MobSF_VM_X.X.ova file.

Proceed with the import process. Do not alter anything.

Once the OVA is Imported Successfully, you will see a new entry in VirtualBox named MobSF_VM_X.X

Right Click MobSF VM and Choose Settings, Go to Network tab. Here we need to configure two Network Adapters.

Adapter 1 should be enabled and attached to Host-only Adapter. Remember the name of the adapter. We need the name to Identify the Host/Proxy IP.

Adapter 2 should be enabled and attached to NAT

Save the settings and Start MobSF VM. While the VM is Booting up. Note down the VM IP.

Once the VM Boots up, It will present a Lock Screen. The password for the Lock Screen is 1234.

NOTE: If the VM does not boot up properly then you cannot perform Dynamic Analysis with MobSF VM.

Getting the Host/Proxy IP

Windows : Issue the command ipconfig in command prompt and note down the IP corresponding to the name of the Host-only Adapter.

Unix : Issue the command ifconfig in terminal and note down the IP corresponding to the name of the Host-only Adapter.

NOTE: The VirtualBox Host-Only Adapter IP and MobSF VM IP should be in the same network range. If your MobSF VM IP and Adapter IP are in different network range, modify the Adapter IP to be in the same network range as that of MobSF VM IP.

Go to Wi-Fi Settings in MobSF VM and set the Proxy IP as the Host/Proxy IP which you have obtained from the previous step and port no as 1337.

Save the settings and Navigate to the Home Screen of MobSF VM. Wait for 30 seconds and save a snapshot of the MobSF VM in VirtualBox

Once the Snapshot is saved, right click MobSF VM and select Show in Explorer or Show in Finder.

Open the File MobSF_VM_X.X.vbox in any Text Editor and note down the VM UUID and Snapshot UUID.

Here the value of uuid is the VM UUID and currentSnapshot is the Snapshot UUID.

Now we have all the things needed to configure the Dynamic Analyzer (Host/Proxy IP, VM IP, VM UUID and Snapshot UUID)

Go to MobSF/settings.py and set the appropriate values as

UUID = VM UUID

SUUID = Snapshot UUID

VM_IP = VM IP

PROXY_IP = Host/Proxy IP

In MobSF/settings.py, set ANDROID_DYNAMIC_ANALYZER ="MobSF_VM" (default)

This will configure MobSF to use Android VirtualBox VM for Dynamic Analysis.

Run scripts/mobsfy_AVD.py script and specify the directory that contains the files extracted from MobSF_ARM_Emulator.zip.

In MobSF/settings.py, set ANDROID_DYNAMIC_ANALYZER ="MobSF_AVD"

This will configure MobSF to use Android arm Emulator for Dynamic Analysis.

Manual Configuration (not recommended)

If mobsfy_AVD.py script is not running successfully, you need to set the values for AVD_EMULATOR and AVD_PATH in MobSF/settings.py manually.

Follow the README inside the emulator zip and change all the path fields according to your system

edit MobSF/settings.py and modify

AVD_EMULATOR = r'/Users/[USERNAME]/Library/Android/sdk/tools/emulator'
# This can be /Users/[USERNAME]/Library/Android/Sdk/emulator/emulator for newer versions of android SDK
AVD_PATH = r'/Users/[USERNAME]/.android/avd' # Path to the avd folder where you extracted the emulator

Configuring Dynamic Analyzer with Rooted Android 4.03 – 4.4 VM

VM on Virtual Box: If the VM is hosted on VirtualBox, follow the same steps that you have followed for configuring MobSF x86 VirtualBox VM and set appropriate VM UUID, SnapshotUUID, Host/Proxy IP, VM IP and set ANDROID_DYNAMIC_ANALYZER = "MobSF_VM"

Any Other VM: Configure it as a Real device. Set ANDROID_DYNAMIC_ANALYZER = "MobSF_REAL_DEVICE" and specify DEVICE_IPand DEVICE_ADB_PORT. Snapshot feature is only available with VM(s) hosted in VirtualBox.

Updating MobSF

If you are updating MobSF, In most cases you might have to perform database migrations or you will see errors such as

[ERROR] Saving to DB (E:\Mobile-Security-Framework-MobSF\StaticAnalyzer\views\android\db_interaction.py, LINE 236 "static_db.save()"): table StaticAnalyzer_staticanalyzerandroid has no column named

Run the below command to migrate your db

python3 manage.py makemigrationspython3 manage.py migrate

If the above changes didn’t work, you might have to run clean.sh(present in scripts) in Mac/Linux. After that run the above commands.

NOTE: This will remove the previously saved scan results.

Disabled Components

Some components are disabled by default as they are experimental

APKiD

APKiD is disabled by default. Before enabling you will have to install the rednaga fork of yara-python.